On Mon, Aug 18, 2008 at 04:21:41PM -0400, Brian Miller wrote: > Not a big deal. I will be sure to just mount and dismount the USB drives > manually. They are just there to store a config and log backup on the > firewall.
If an attacker has gained access to the system, anything mounted locally should be deemed unreliable. > I am doing this so that if I have a failure or attack or some > other type of crash. I will be able to check out the latest config and > logs. I suppose that you know that you can use syslogd to log to another machine? And you could use logger(1) to read config files into the log. That would be much safer because it's a one-way street. You can log to another machine, but you cannot delete from the logfile on the other machine, unless it's compromised as well. Roland -- R.F.Smith http://www.xs4all.nl/~rsmith/ [plain text _non-HTML_ PGP/GnuPG encrypted/signed email much appreciated] pgp: 1A2B 477F 9970 BA3C 2914 B7CE 1277 EFB0 C321 A725 (KeyID: C321A725)
pgpSCYk5XwyPW.pgp
Description: PGP signature
